machine/serverle: enable nginx with separate network config

2025-05-24 09:54:40 +02:00 · 2023-02-23 20:02:46 +01:00 · 2023-02-23 20:02:46 +01:00 · 6d0b676cce
commit 6d0b676cce
parent 7085003f2a
3 changed files with 39 additions and 4 deletions
--- a/machines/serverle/services.nix
+++ b/machines/serverle/services.nix
@ -4,8 +4,12 @@ let
  secrets = config.sops.secrets;
 in
 {
+  sops.secrets."acme/inwx" = { };
  sops.secrets."borgbackup/password" = { };
  sops.secrets."borgbackup/ssh_key" = { };
+  sops.secrets."sso/auth-key" = { };
+  sops.secrets."sso/felix/password-hash" = { };
+  sops.secrets."sso/felix/totp-secret" = { };

  # List services that you want to enable:
  my.services = {
@ -23,5 +27,28 @@ in
    jellyfin = {
      enable = true;
    };
+    # Dashboard
+    homer = {
+      enable = true;
+    };
+    # Webserver
+    nginx = {
+      enable = true;
+      acme = {
+        credentialsFile = secrets."acme/inwx".path;
+      };
+      sso = {
+        authKeyFile = secrets."sso/auth-key".path;
+        users = {
+          felix = {
+            passwordHashFile = secrets."sso/felix/password-hash".path;
+            totpSecretFile = secrets."sso/felix/totp-secret".path;
+          };
+        };
+        groups = {
+          root = [ "felix" ];
+        };
+      };
+    };
  };
 }